InsertHTML with display:flex crashes
Issue description
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4925752386781184
Fuzzer: inferno_layout_test_unmodified
Job Type: linux_debug_content_shell_drt
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  blink::Node::isPseudoElement
  blink::Node::hasEditableStyle
  blink::Node::hasEditableStyle
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=375118:375134
Minimized Testcase (0.45 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97cyZ2Iqth8JOW4KdQPn9q9yaO0HM7_EGg8J9W_vOsnuNFunqraLMojHEt0jnAZ8Da4NwuyE6PQC4PptzW9sJluKpJsS7Zee9QD1TWhB5fA-4-amIDwXI0LT_ZV2HHA41mSf8EIajo5yfMLBy6s3aVrz1jRxQ?testcase_id=4925752386781184
Filer: ssamanoori
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jul 8 2016
"style: Rename the PseudoId enum values to CamelCase and prefix them." isn't a likely candidate for renaming things. Please assign to owners for the component.
Jul 11 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5631473562681344
Fuzzer: ochang_domfuzzer
Job Type: linux_asan_chrome_v8_arm
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x00000000
Crash State:
  blink::Node::hasEditableStyle
  blink::CompositeEditCommand::insertNodeBefore
  blink::RemoveNodePreservingChildrenCommand::doApply
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_v8_arm&range=404506:404552
Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95bpohmYaaadIVbzBUy3TLG3OHj99wPEE2j8-LLhd8jjFlV16HoUEdcLW3EHlhIiXOChO6G3SSKV-9v6HVS97s3rY7HcfUN-vmxSdmdeHLy40AvXQ8fSdKw_y6rdOXmzzu2GUvBigKrsg_ZaXOGVEViKrV7yg?testcase_id=5631473562681344
Additional requirements: Requires Gestures
Filer: mmohammad
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jul 12 2016
Lower to Pri-2 since real world usage of insertHTML with display:flex is low.
DOM tree at null pointer reference.
m_startingSelection.showTreeForThis()
BODY 00000469C71631D0
DIV 00000469C7163238 ID="test" (editable) (focused)
#text 00000469C7163708 "\n x"
DIV 00000469C71634C8 (editable)
#text 00000469C7163530 "foo"
DIV 00000469C71635E8 (editable)
#text 00000469C7163650 "bar"
SE #text 00000469C71632A0 "x\n "
#text 00000469C71632F0 "\n "
SCRIPT 00000469C7163340
#text 00000469C71633B8 "... script ...");\n "
Jul 12 2016
removeRedundantStylesAndKeepStyleSpanInline() removed |refNode|.
DOM tree before:
BODY 000004463D9C31D0
DIV 000004463D9C3238 ID="test" (editable) (focused)
#text 000004463D9C3708 "\n x"
DIV 000004463D9C34C8 (editable)
#text 000004463D9C3530 "foo"
* SPAN 000004463D9C3580 (editable)
DIV 000004463D9C35E8 (editable)
#text 000004463D9C3650 "bar"
#text 000004463D9C32A0 "x\n "
#text 000004463D9C32F0 "\n "
SCRIPT 000004463D9C3340
#text 000004463D9C33B8 "...script..."
Jul 13 2016
ClusterFuzz has detected this issue as fixed in range 404826:404849.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5631473562681344
Fuzzer: ochang_domfuzzer
Job Type: linux_asan_chrome_v8_arm
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x00000000
Crash State:
  blink::Node::hasEditableStyle
  blink::CompositeEditCommand::insertNodeBefore
  blink::RemoveNodePreservingChildrenCommand::doApply
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_v8_arm&range=404506:404552
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_v8_arm&range=404826:404849
Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95bpohmYaaadIVbzBUy3TLG3OHj99wPEE2j8-LLhd8jjFlV16HoUEdcLW3EHlhIiXOChO6G3SSKV-9v6HVS97s3rY7HcfUN-vmxSdmdeHLy40AvXQ8fSdKw_y6rdOXmzzu2GUvBigKrsg_ZaXOGVEViKrV7yg?testcase_id=5631473562681344
Additional requirements: Requires Gestures
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jul 22 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4544494842413056
Fuzzer: inferno_layout_test_unmodified
Job Type: linux_debug_content_shell_drt
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  blink::Node::isPseudoElement
  blink::hasEditableStyle
  blink::Node::hasEditableStyle
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=375118:375134
Minimized Testcase (0.36 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95wEi5yPyA0xf-_KScIz8Hq2lQwWg8eXLILos02-hv_MLhsm9-Hji0AwvGDKEe7lOIbyXRaIOytflrIPOK2quSkWLtsTFKGLrXMQNLv14fEEO2DEXXUOTAJJemAbM5YDcek1u2moitF8LZW3oqIA02b8TD8HQ?testcase_id=4544494842413056
Filer: mummareddy
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jul 27 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5815372796395520
Fuzzer: inferno_layout_test_unmodified
Job Type: linux_debug_content_shell_drt
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  blink::Node::isPseudoElement
  blink::hasEditableStyle
  blink::hasEditableStyle
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=375118:375134
Minimized Testcase (0.37 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97EVFeI0PzPz8r6g-cbSZAlniABO5D1DJPbnHTtZdkG2zjlfiaoZ5vlJj1tk7mqte9s4GtNHeYu9K7qPIiQ8oaFc4tKdSp4yAVqXQzasljc5xeZNcPjtk9oxpu4rWUIpk2k_f03YYyvL0Vt1p_cgG0fHsNPMQ?testcase_id=5815372796395520
Filer: rnimmagadda
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jul 29 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5391118107934720
Fuzzer: inferno_layout_test_unmodified
Job Type: linux_debug_content_shell_drt
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  blink::Node::isPseudoElement
  blink::hasEditableLevel
  blink::hasEditableStyle
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=375118:375134
Minimized Testcase (0.37 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95K0zl3PCLLssflMvH-Pxcpj-Ps5hemvrB4MBh8cJNJICLQ7cZnPERITJoLVHEDL4H-Qe1Xq8cX2aEUs8vzXvZf3dCe26ph3NGMWjH_xRhbYJUC0310Ic0INjy0U9rCb4sGP0-864aPuPG8xscyOjXDEEFrlQ?testcase_id=5391118107934720
Filer: mmohammad
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Aug 2 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5146686358028288
Fuzzer: ochang_domfuzzer
Job Type: linux_asan_content_shell_drt
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  blink::hasEditableLevel
  blink::CompositeEditCommand::insertNodeBefore
  blink::ReplaceSelectionCommand::doApply
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_content_shell_drt&range=409147:409160
Minimized Testcase (0.45 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94JCtM5DKmnRbc29iIhjwKYPQXotSS5DNWJaFKfzHGrMKY31_yvc-vmJTZiFpsEl6zcgk7xxO0mb9qpT_MhLfI0AAbNFCE447H-3czUvBxb4HVHhhuEWHwH8xC5t_XaCoaV9KegupcqbTYpb8IwdlFIjnI4Ew?testcase_id=5146686358028288
Filer: mummareddy
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Aug 2 2016
From findit tool:
Author: yoichio
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/f24f6158c1f2c91d9fa1318342a7139cb86a5b0d
Time: Tue Aug 02 07:11:48 2016
File EditingUtilities.cpp is changed in this cl (and is part of stack frame #1, "blink::hasEditableLevel")
Minimum distance from crash line to modified line: 25. (file: EditingUtilities.cpp, crashed on: 263, modified: 288).
Suspected Project: chromium
Suspected Component: Blink>Editing
yoichio, could you please take a look? Thank you.
Sep 14 2016
ClusterFuzz has detected this issue as fixed in range 409588:409589.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4544494842413056
Fuzzer: inferno_layout_test_unmodified
Job Type: linux_debug_content_shell_drt
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  blink::Node::isPseudoElement
  blink::hasEditableStyle
  blink::Node::hasEditableStyle
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=375118:375134
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=409588:409589
Minimized Testcase (0.36 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95wEi5yPyA0xf-_KScIz8Hq2lQwWg8eXLILos02-hv_MLhsm9-Hji0AwvGDKEe7lOIbyXRaIOytflrIPOK2quSkWLtsTFKGLrXMQNLv14fEEO2DEXXUOTAJJemAbM5YDcek1u2moitF8LZW3oqIA02b8TD8HQ?testcase_id=4544494842413056
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Oct 18 2016
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Nov 25 2016
ClusterFuzz has detected this issue as fixed in range 434407:434416.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5815372796395520
Fuzzer: inferno_layout_test_unmodified
Job Type: linux_debug_content_shell_drt
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  blink::Node::isPseudoElement
  blink::hasEditableStyle
  blink::hasEditableStyle
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=375118:375134
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=434407:434416
Minimized Testcase (0.37 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97EVFeI0PzPz8r6g-cbSZAlniABO5D1DJPbnHTtZdkG2zjlfiaoZ5vlJj1tk7mqte9s4GtNHeYu9K7qPIiQ8oaFc4tKdSp4yAVqXQzasljc5xeZNcPjtk9oxpu4rWUIpk2k_f03YYyvL0Vt1p_cgG0fHsNPMQ?testcase_id=5815372796395520
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 30 2016
ClusterFuzz has detected this issue as fixed in range 434929:434986.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5146686358028288
Fuzzer: ochang_domfuzzer
Job Type: linux_asan_content_shell_drt
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  blink::hasEditableLevel
  blink::CompositeEditCommand::insertNodeBefore
  blink::ReplaceSelectionCommand::doApply
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_content_shell_drt&range=409147:409160
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_content_shell_drt&range=434929:434986
Minimized Testcase (0.45 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94JCtM5DKmnRbc29iIhjwKYPQXotSS5DNWJaFKfzHGrMKY31_yvc-vmJTZiFpsEl6zcgk7xxO0mb9qpT_MhLfI0AAbNFCE447H-3czUvBxb4HVHhhuEWHwH8xC5t_XaCoaV9KegupcqbTYpb8IwdlFIjnI4Ew?testcase_id=5146686358028288
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Dec 30 2016
ClusterFuzz testcase 4925752386781184 is flaky and no longer reproduces, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ssamanoori@chromium.org, Jul 8 2016
Components: Tools>Test>FindIt>WrongResult Blink>Editing
Labels: -Type-Bug findit-wrong Te-Logged M-52 Type-Bug-Regression
Owner: danakj@chromium.org
Status: Assigned (was: Available)